Skip to content

Instantly share code, notes, and snippets.

@AbdullahGhani1

AbdullahGhani1/DisableRootLogin.md

Last active December 30, 2025 11:31
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save AbdullahGhani1/63d4a2c7578a86da8e2dad54b4e4bd22 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save AbdullahGhani1/63d4a2c7578a86da8e2dad54b4e4bd22 to your computer and use it in GitHub Desktop.
Download ZIP
Disable Root Login -KodeKloud
Raw
DisableRootLogin.md

Disable Root Login

After doing some security audits of servers, xFusionCorp Industries security team has implemented some new security policies. One of them is to disable direct root login through SSH. Disable direct SSH root login on all app servers in Stratos Datacenter.

Click on ✔ and Do Task Again

Solution:-

Step 1: Open SSH Sessions to All App Servers

Open Three terminals. Ensure you have the passwords ready (usually provided in the lab details).

  • App Server 1 ssh tony@stapp01
  • App Server 2 ssh steve@stapp02
  • App Server 3 ssh banner@stapp03

Step 2: Edit the SSH Configuration on each app server and Search for #PermitRootLogin

sudo vi /etc/ssh/sshd_config
# In vi editor, search for the line by typing:
# Press '/' then type 'PermitRootLogin' and press Enter
/PermitRootLogin

# You'll find one of these configurations:
# - #PermitRootLogin yes                    (commented out, root login allowed)
# - #PermitRootLogin prohibit-password      (commented out, password auth disabled)
# - PermitRootLogin yes                     (active, root login allowed)

# To edit:
# 1. Press 'i' to enter INSERT mode
# 2. Remove the '#' symbol if present
# 3. Change the value to 'no'
# 4. Press 'Esc' to exit INSERT mode
# 5. Type ':wq' and press Enter to save and quit

# Correct configuration should look like:
# PermitRootLogin no

image

Step 3: Verify the Configuration

Check for syntax errors:

sudo sshd -t

If no errors are displayed, the configuration is valid.

Step 4: Restart SSH Service

Apply the changes by restarting the SSH daemon:

sudo systemctl restart sshd

Step 5: Verify SSH Service Status

Confirm the service restarted successfully:

sudo systemctl status sshd

Step 6: Verify Configuration File

Confirm the change persists:

sudo grep "^PermitRootLogin" /etc/ssh/sshd_config

Expected output: PermitRootLogin no

Step 7: Test the Configuration

Important: Keep your current SSH session open while testing.

Open a new terminal and attempt to connect as root:

ssh root@stapp01

You should receive: "Permission denied" or "Access denied"

@joshua-demebo
Copy link

joshua-demebo commented Jul 25, 2022

Nice on, it works like magic

@erjan
Copy link

erjan commented Feb 6, 2024

but i can still root login when i m under tony on stapp01.

if i m tony on stapp01 i can do 'sudo su - ' - and still be root.

however if i totally out of stapp01 - and do
ssh root@stapp01 - then 'permission denied'

is this how it works?

@alaison-benny
Copy link

alaison-benny commented Oct 21, 2024

Good!

@zak-carrot
Copy link

zak-carrot commented Sep 10, 2025

actually without changing the /etc/ssh/sshd_config i directly tried ssh root@stapp01 from thor its already giving me permission denied then why we should login individually and change the permitrootlogin to no?

@dinesh00509
Copy link

dinesh00509 commented Dec 29, 2025

but i can still root login when i m under tony on stapp01.

if i m tony on stapp01 i can do 'sudo su - ' - and still be root.

however if i totally out of stapp01 - and do ssh root@stapp01 - then 'permission denied'

is this how it works?

yes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment